Cisco Firewall :: ASA 5520 Flash Upgrade From 256Mb To 512Mb
Mar 25, 2013
I need to upgrade the flash memory of the ASA 5520 from 256Mb to 512Mb. As far as I realized the built-in flash memory called system compact flash and there is also an empty slot which it is possible to install a user flash.
What is the difference between user and system compact flash? and for upgrade can I just insert the user compact flash or do I need to upgrade the system compact flash? Where can I find the part number for each type?
recently I had a power cut in the office and my Cisco ASA 5505 512MB Base 10 user License stopped working.it was not possible to establish L2L VPN.I replaced it with another ASA 5505 with 256MB RAM Base 10 user License.I restored the configuration and everything is working now.The main problem is that before (with the 512MB ASA) I had two L2L tunnels established and many clients (up to 30 clients)using the two tunnels. Now with the 256MB ASA when the clients being in the L2L reach 10 clients,the other clients stop working inside the VPN, they cannot reach hosts which are on the other end of the L2L. This could be due to te less amount of RAM ?? Otherwise I can't explain this behaviour.Could I solve this buying the 50 user license upgrade ?But in my previous ASA I had the Basic 10 user license and everything was working with many clients reaching hosts behind the two tunnels.
I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33. the ASA only has 64M of flash. I have a 256M flash card. What are the steps to upgrade the flash? I am not sure how it will boot up because the new flash will be blank?
I tried last night to upgrade the memory in my old 5510. It's about 5 years old and has the single memory socket. I followed the instruction included in the kit:
Mfr. Part#: ASA5510-MEM-1GB
I did wear an ESD wrist strap (genuine Cisco at that!) and ensured the memory was fully seated, the handles locked in.Upon restarting the ASA, for over 15 minutes, it stayed in mode: Power LED steady, Status LED flashing, other LEDs off. No response to attempts to SSL via Putty. I powered it off, verified the memory was indeed fully seated, and re-installed the original 256 MB module. It powered up normally in less than 5 minutes. Is there anything else to try before returning the memory? Tonight, I can try the same new memoy module and see if it works.
Loading...IO memory blocks requested from bigphys 32bit: 13008 dosfsck 2.11, 12 Mar 2005, FAT32, LFN
here ---> Currently, only 1 or 2 FATs are supported, not 64.
dosfsck(/dev/hda1) returned 1 dosfsck 2.11, 12 Mar 2005, FAT32, LFN open /dev/hdb1:No such file or directory dosfsck(/dev/hdb1) returned 1 mount: mounting /dev/hdb1 on /mnt/disk1 failed: No such file or directory mount: mounting /dev/hdb1 on /mnt/disk1 failed: No such file or directory Processor memory 868220928, Reserved memory: 62914560
what does this mean?Currently, only 1 or 2 FATs are supported, not 64.
I am needing to upgrade the Flash card on our current ASA from 64mb to a 1GB card to make way from upgrading from 8.0 to 8.4. When i copy all the contents from the 64MB card through a card reader i am not getting the startup-config file copied over. I checked to make sure that all hidden files are shown, but i am not seeing it. I backed up the startup-config from the old 64mb card to a tftp server before switching the cards out. Is their something that i am missing?
I have an ASA 5520, currently running version 7.25-k8. I'm preparing for an upgrade to version 7.25(4), so I transferred the software code (obtained via Cisco download) to the firewall vis SCP. I then issued the "verify flash:asa725-k8.bin" and it fails. It comes back with the error that the CRC did not verify, Data Integrity has been compromised". My first thought was the image did not copy correctly, so I deleted it and transferred it again. I got the same error. Then I decided to run a verify against the actual current code that was running on the firewall, and it came back with the same error. I don't understand what the problem is. I don't tend to think it's an SSH key related problem, as the method I use to access the firewall is via SSH and I have no problems. Worth noting,this firewall is part of an active/standby pair, and I observe the same behavior on the failover unit, it fails to verify.
Currently my ASA5510 has a 64MB internal flash. Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)? The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.
I recently upgraded the flash and the RAM on one of my ASA 5505 lab machines. The flash was upgraded from 128 to 512MB and the RAM was also upgraded from 256 to 512MB. I am using asa845-k8.bin. The firewall boots and runs file until you issue the reload command. The system shuts down but never reloads.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary
I have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest. What could be the better way and upgrade procedure. Below is show version details and IOS upgrade to latest.
Cisco Adaptive Security Appliance Software Version 7.2(4)Device Manager Version 5.2(4) Compiled on Sun 06-Apr-08 13:39 by buildersSystem image file is "disk0:/asa724-k8.bin"Config file at boot was "startup-config"
IGN-ASA-1 up 45 days 17 hoursfailover cluster up 45 days 17 hours Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 256MBSlot 1: ATA Compact Flash, 512MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB
We have 2 ASA 5520s in active/standy. We run IOS 8.2(5)24 and I wondered if I need to upgrade as I see the versions have gone to 8.4 and beyond! We are not getting any issues and I'm aware of the difficult migration from 8.2 to 8.4 etc due to the NAT change.
I have a couple of ASA5520 and ASA5550, and I wanted to know if it is worth it to upgrade the software from 8.2(4) to 8.2(5)? Because of the RAM I cannot upgrade to 8.3 for now.
We are currently on 8.0(4) and planning on upgrading our failover pair to 8.4.2, I read some documents saying that we can perform a zero downtime upgrade.
According the below documents Version 8.2 supports mismatch memory failover, [URL]
Upgrade Path:
Active Firewall: Standby Firewall: 8.0(4) 8.0(4)-->8.2.2 8.0(4) Upgrade RAM-2G---Reload faiover to standby 8.2.2 8.0(4)--->8.2.2 8.2.2
[code]...
Can I perform zero downtime upgrade with the above upgrade path? Will both the firewalls act as a failover pair if one is on 8.2.2 and other is on 8.4.2.
"Performing Zero Downtime Upgrades for Failover Pairs
The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support." [URL]
I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with eachother. I have a DMZ network of 10.20.20.16/28 configured. 10.20.20.17 is the ASA/Gateway and 10.20.20.19 is one host and 10.20.20.20 is another host. These two hosts had no problem communicating with eachother before the upgrade. Now, they usually cannot communicate with eachother. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with eachother before the upgrade (because their traffic to eachother should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.
I have been asked to look at upgrading two 5520 ASA configured in a HA pair Active/Standby, from version 7.2(4) to version 8.3(1) to bring it in line with some other ASA firewalls in the organisation.
My question is can I simply upgrade straight from 7.2(4) to 8.3(1) or will I have to step the upgrade from 7.2(4) => 8.2(x) => 8.3(1)
Having read a few articles on the forums and the release notes I think I should be able to go from 7.2(4) => 8.3(1) .
The second part of my query is around the upgrade itself, having researched this a little there seems to be various views on how to go about upgrading a HA pair and I cannot find anything specific on the website.
The approach I am thinking of is simply as follows;
- upload images onto both firewalls in the HA pair - On the standby from the CLI clear configure boot
last night we tried to upgrade our cluster (2x ASA5520) from 8.0(4) to 8.2(3) and failed miserably.
1. Both units got the new image, but when we reloaded the secondary unit then we got the following strange message:
"Mate's license (10GE I/O Enabled) is not compatible with my license (10GE I/O Disabled). Fail over will be disabled."
After this message fail over was not there anymore and both units became active (!!!) which killed everything. Of course ASA5520 doesn't have 10GE and we have exactly the same units. What could be the problem here? Currently we run with a single unit with 8.2(3) and the secondary unit is switched off.
2. After the upgrade we cannot connect with multiple VPN sessions from the same client, this gets logged:
"Multiple sessions per tunnel are not supported"
This was working just fine with 8.0(4) and doesn't work with 8.2(3). Do we have to update something in the config or what is causing this? If you ask why we went with 8.2(3) instead of 8.2(5) then the answer is because we were testing that for several month in our secondary data center, but unfortunately only on a single ASA and not on a cluster. We couldn't go higher due to the 512MB RAM we have in all units. And we had to upgrade, because we had crashes with 8.0(4) which was working fine for a long-long time.
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash: Address or name of remote host []? 10.88.127.153 Source filename []? asa831-k8.bin Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
I am attempting to install a 512 MB Cisco COmpact Flash for an ASA 5520. We have inserted the compact flash but when we do a DIR, it does not show. even as an unformatted device.
What do we need to do to make this a usable CF? Do I just need to reload the ASA or do I need to format the CF. It has been inserted into the slot in the back of the ASA 5520 and we have ensured that is had been seated properly.
I need to upgrade compact flash memory card for a 3800 router. Basically i want to upgrade code on this router and the current flash size (64Mb) cannot hold new image. I wanted to check if i swap the old flash (64 Mb) with a new one 256 mb, i will loose vlan.dat file since it's stored in flash. Is there a way i can copy vlan.dat to new flash which has new code before i change the boot statements and reload the router?
Currently I have C2801 with 256MB of memory and 64MB of flash. I want to upgrade it to 384MB / 128MB.Do I need to get MEM2801-256D or I can use any PC133 SDRAM (144PIN) for memory? 384 is maximum I can install? Do I need to get MEM1800-128CF or I can use any compant flash card? 128MB is maximum I can install? (I saw 256MB flash on for C2801)
I need to upgrade the compact flash memory on a 2821 router from 64 to 128, upgrade the ios, and re-script the router. So I'm wondering what is the correct sequence? With the router powered on, do i eject the existing flash, and install the new one or do I power down the router? Once the memory has been increased, then i can upload the new ios?
I am doining a flsh upgrade for 12000 router ... I am following this guidelines
[URL]
when i do show version | i image System image file is "disk0:c12k-os-mbi-3.6.0.CSCsy28524-1.0.0/mbiprp-rp.vm"
but at doc it says : System image file is "disk0:c12k-os-mbi-3.6.0/mbiprp-rp.vm" i think my image has something wrong. what do you say ? actually from step 1 to 16 was going smoothly , but step 17 doesnt go ... and i jump to Flash Disk Upgrade Abort Procedure section and i rollback to old flash disk and now it is working ....
Regarding to step 17, why standby PRP is not ready , it shows no valid partner ?
I've got three WG302s of which the certificates on all of them are up. I've begun the process of replacing the firmware on one of them with OpenWrt. I've been using this to get the job done: url...I've been able to edit it up to the point of using fconfig to edit the boot script. I understand that I just need to edit two lines and the firmware replacement will be complete. [code]I've looked up fconfig commands to see if I could figure out how to edit the script lines.
I hope that we can get this DIR-825 back from the dead. I did the first portion of the 2.05NA upgrade while wired into LAN1 on the unit, after the reboot the power light went Amber and the unit would no longer respond to pings. I have searched around for various reset methods but have not been able to find a guide or a definitive current D-Link tech manual on how to fix a bad flash. I have tried pinging/arping/web browsing its default IP and the IP I had it set to to no avail.